Cracking Drupal: A Drop in the Bucket
Item Description
The first book to reveal the vulnerabilities and security issues that exist in the sites that have been built with Drupal, and how to prevent them from continuing. Drupal is an open source framework and content management system that allows users to create and organize content, customize presentation, automate tasks, and manage site visitors and contributors. Authored by a Drupal expert, this is the first book to reveal the vulnerabilities and security issues that exist in the sites that have been built with Drupal, and how to prevent them from continuing. The main goal of this guide is to explain how to write code that avoids an attack in the Drupal environment, while also addressing how to proceed if a vulnerability has been spotted and then regain control of security.
Product Details
- Author: Greg Knaddison
- Publication Date: 2009-05-11
- Publisher: Wiley
- Product Group: Book
- Manufacturer: Wiley
- Binding: Paperback, 240 pages
- ISBN13: 9780470429037
- Condition: New
- Package Dimensions:
- Dimensions: 920L x 730W x 60H
- Weight: 80
- List Price: $40.00
- ISBN: 0470429038
- ASIN: 0470429038
Customer Reviews
Good basic overview
2010-08-30
Reviewer: yosemiteexplorer
This is a good basic overview of Drupal security for admins, module developers and themers. One thing that surprised me is that it did not really cover security on a site using SSL (such as an Ubercart site or perhaps a membership site with secure login).
Worth Taking a Look
2010-06-22
Reviewer: R Bryan Boova
Useful guide to use for Drupal site administrators.
Highlights potential security vulnerabilities and other places that might cause issues in one's Drupal site.
Cracking Drupal: All it is cracked up to be?
2010-02-03
Reviewer: Kevin
Here is an excerpt of my review; the full review can be found on my blog, which is linked from my profile page.
Cracking Drupal: A Drop in the Bucket is the first book specifically discussing vulnerabilities in the Drupal Content Management System. However, is it all it's 'cracked up' to be?
Well, you will have to decide for yourself, but I would recommend this book for almost all intermediate+ Drupal users. It will get you thinking about security in Drupal, provide recommendations for tools that will help you implement that security, and generally leave you with a stronger understanding of the whole Drupal stack. However, if you are a seasoned Drupal veteran you may want to give this a pass or just take a gander at it from a friend's copy or a library, as much of the material is already known to hardcore Drupalers (e.g., if you are a core contributor, you probably don't need this book, but then again you don't need me to tell you that).
Great if you're a code geek, impossible for beginners
2010-01-30
Reviewer: Lonny D. Stark
This book is not suitable for anyone who doesn't have a very strong understanding of Drupal and Drupal-speak. Beginners and even intermediate web developers will not understand much in Cracking Drupal, which is neck-deep in geek. See my last paragraph in this review if you're a beginner.
This is not to say this isn't a good book. I've gone through it once, and plan to read it over a second or third time because it is filled with information. I'm not a security expert, but from my limited perspective I did not see any glaring errors, and I enjoyed the frankness with which the author approached the subject of Drupal security.
For Drupal beginners, here are the basics in helping secure your site: follow every Drupal best practice that you find in the online handbook and articles, don't hack the core or modules, strictly follow Drupal conventions if you create your own modules, and never turn on the PHP filter (which allows you to pepper the site with your own PHP code). And most importantly - run crons frequently and update, update, update! After you've spent a year or two with Drupal, and you're comfortable with the CMS, then look for a second edition of Cracking Drupal.
Concise and illuminating
2009-12-29
Reviewer: John De Mott
Within 24 hours of reading this book I found and patched an XSS attack on my site at work. It's well written, to the point, and informative. The author goes above and beyond explaining Drupal exploits and shows you how to track them down in the wild using the Drupal CVS repository. Most helpful is knowing how to properly use Drupal's built-in security measures that take much of the weight of developing secure code off your shoulders.

